L2 security and WLANs exam
Network engineer is troubleshooting newly deployed wireless network that is using latest 802.11 standards. When users access high bandwidth services such as streaming video, wireless network performance is poor. To improve performance the network engineer decides to configure 5 GHz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve wireless network performance for that type of service?
5 GHz band has more channels and is less crowded than 2.4 GHz band, which makes it more suited to streaming multimedia.
2.4GHz
802.11 b, g, n, and ax
What wireless standard provides data rates up to 1.3Gb/s?
802.11ac
Which 802.11 standards operate at 5 GHz?
Ac, ax, a, and n
Two PCs are connected in wireless peer-to-peer topology. What is topology called?
Ad hoc
Purpose of TACACS+ (Terminal Access Controller Access Control Server)?
Authenticate a user against a central database
Which element of AAA is implemented either locally or as a server-based solution? What term describes records what users do and what they access and performs client authentication?
Authentication
Which feature on switch makes it vulnerable to VLAN hopping attacks?
Automatic trunking port feature enabled for all ports by default
Which type of management frame may regularly be broadcast by AP?
Beacon
Authenticator
Controls physical access to network based on client authentication status
NAT (Network Address Translation)
Converts private IP addresses into public, globally routable ones. Service that is used on the wireless router to allow the employee laptops to access the internet when a network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24 network.
Which two Cisco solutions help prevent DHCP starvation attacks?
DHCP snooping; port security
What is the technique or method called by which a VLAN hopping attack may be perpetrated (performed)?
Double-tagging
How do you prevent rogue switch from establishing trunk to enabled ports with default configuration on legitimate switch?
Enable BPDU guard and PortFast; disable DTP
A laptop cannot connect to wireless access point. Which two troubleshooting steps should be taken first?
Ensure that wireless NIC is enabled and wireless SSID is chosen
What is the wireless security mode called when authentication server is used to authenticate users?
Enterprise
What does a switch do when its MAC address table is full?
Flood all incoming frames within local VLAN (virtual local area network) and LAN.
Security violation mode on port is restrict. What happens when security violation occurs?
Frames with unknown source addresses are dropped until enough MAC addresses are removed or maximum allowable address is increased; syslog notifications are sent; security violation counter increments by one
The security violation mode on port is protect. What happens when security violation occurs?
Frames with unknown source addresses are dropped until enough secure MAC addresses are removed or maximum allowable address is increased; no syslog notifications are sent
The beacon is regularly broadcast by AP. What is the purpose of beacon?
Identify network (SSID)
Network administrator is configuring (put together) RADIUS server connection on Cisco 3500 series WLC. Configuration requires shared secret password. What is the purpose for shared secret password?
It is used to encrypt (hide) messages between WLC and RADIUS server.
What is the authentication method called that stores usernames and passwords in a router or a switch?
Local AAA
Network administrator is working to improve WLAN performance on dual-band wireless router. What is a simple way to achieve split-the-traffic result?
Make sure that different SSIDs are used for 2.4 GHz and 5 GHz bands.
Sources of accidental interference
Microwave; cordless landline phone; wireless gadgets (IoT); fluorescent/Christmas lights
What is the purpose of the SNMP protocol?
Monitoring and changing device configurations
What is the purpose for secret password shared between WLC (wireless LAN controller) and radius server?
Mutual authentication and encryption
Which feature or configuration on switch makes it vulnerable (unguarded) to VLAN double-tagging attacks?
Native VLAN of trunking port being the same as user VLAN
What is the function provided by CAPWAP (Control and Provisioning of Wireless Access Points) protocol in corporate wireless network?
Provides encapsulation and forwarding of wireless user traffic between access point and wireless LAN controller.
Which feature on a wireless router may be used to prioritize (treat) traffic?
QoS
What are two methods that are used by wireless NIC to discover AP?
Receiving broadcast beacon frame; transmitting probe request
Supplicant
Requires access and responds to requests from switch
Which protocol can be used to monitor network?
SNMP (Simple Network Management Protocol)
Which three parameters would need to be changed if best practices are being implemented for home wireless AP?
SSID, wireless network and AP password
What is the term used when beacon on AP is disabled? What term describes when clients have to manually identify the SSID to connect to the network?
SSID cloaking
Passive
SSID is broadcast so that name of wireless network will appear in listing of available wireless networks for clients
When AP (access point) is configured as active, what must clients first do to begin the association process?
Send probe request
ip arp inspection validate src-mac What is the effect of applying the above command to switch port?
Source MAC address in Ethernet header is checked against sender's MAC address in frame payload (ARP body)
Technician is troubleshooting slow WLAN that consists of 802.11b and 802.11g devices. New 802.11n/ac dual-band router has been deployed on network to replace old 802.11g router. What can technician do to address slow wireless speed?
Split wireless traffic between 802.11n 2.4 GHz band and 5 GHz band.
All switches on network are configured to automatically learn MAC addresses for each port. Business loses power in bad storm. When switches are brought back online, dynamically learned MAC addresses are retained. Which port security configuration enabled this?
Switchport port-security mac-address sticky
What is unique about channel 1, 6, 11 in 2.4 GHz band?
They are non-overlapping which means they will not interfere with each other
What is the purpose of RADIUS (Remote Authentication Dial-In User Service)?
To authenticate (prove) users against central database. Server that allows network administrator of a college to configure WLAN user authentication process. Wireless users are required to enter username and password credentials that will be verified by server.
Active
Used to configure access point so that clients must know SSID to connect to access point
Which type of VLAN-hopping attack may be prevented by designating (assign) unused VLAN as native VLAN?
VLAN double hopping
What layer 2 attack can happen because default for Cisco switch ports is dynamic auto?
VLAN hopping
Which type of wireless network is suitable for providing wireless access to city or district?
Wireless MAN (metropolitan area network)
Which type of wireless network commonly uses Bluetooth or Zigbee devices?
Wireless PAN (Personal-Area network)
Which type of wireless network uses transmitters to provide coverage over extensive geographic area?
Wireless WAN
Which type of wireless network uses transmitters to cover medium-sized network, usually up to 300 feet (91.4 meters)?
Wireless local-area network
Authorization
Determines what resources users can access or operations they are allowed to perform
Accounting
Determines which resources users access and which operations they performed
What are the security best practices concerning CDP and LLDP?
Disable CDP on edge ports that connect to untrusted ports; disable them entirely; disable both protocols on all interfaces where they are not required.
Three techniques for mitigating VLAN attacks?
Disable DTP (Dynamic Trunking Protocol); statically configure all trunks; set native VLAN to unused VLAN
What is DHCP (Dynamic Host Configuration Protocol) starvation attack and what is the result?
Exhaust (use) all available IP addresses; legitimate (confirming) clients cannot lease (take) addresses
What is the effect of using different SSIDs on 2.4 and 5GHz bands?
Improves network performance by segmenting traffic
What is the topology called when access points are used to allow connected PCs access to wired network?
Infrastructure
Which tab on 3405 WLC allows admin to configure specific security option like WPA2 (Wi-Fi Protected Access 2)?
WLANs